Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-0701)

The DHcheckpubkey function in crypto/dh/dhcheck.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman DH key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose...

EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2022-2060)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of...

EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2022-2032)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of...

EulerOS 2.0 SP9 : openssl (EulerOS-SA-2022-1455)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3...

FreeBSD : OpenSSL -- BN_mod_exp incorrect results on MIPS (1aaaa5c6-804d-11ec-8be6-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1aaaa5c6-804d-11ec-8be6-d4c9ef517024 advisory. - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are...

Design/Logic Flaw

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis...

OpenSSL -- BN_mod_exp incorrect results on MIPS

The OpenSSL project reports: BNmodexp may produce incorrect results on MIPS Moderate There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the...

OpenSSL 3.0.0 < 3.0.1 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.1 advisory. - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM SmartCloud Entry

Summary OpenSSL vulnerabilities were disclosed on 28th Jan 2016, March 1, 2016 ,May 3 2016 by the OpenSSL Project. OpenSSL is used by IBM SmartCloud Entry. IBM SmartCloud Entry has addressed the applicable CVEs - CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176...

Security Bulletin: Vulnerabilities in OpenSSL affect Rational Application Developer for WebSphere Software (CVE-2016-0701, CVE-2015-3197)

Summary OpenSSL vulnerabilities were disclosed on January 28, 2016 by the OpenSSL Project. OpenSSL is used by IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs. Vulnerability Details CVEID:...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM i (CVE-2016-0701, CVE-2015-3197)

Summary OpenSSL vulnerabilities affect IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0701 DESCRIPTION: OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by the use of weak Diffie-Hellman parameters based on unsafe primes tha...

Security Bulletin: Vulnerabilities in GNU C library (glibc), OpenSSL and BIND affect IBM Netezza Host Management

Summary Vulnerabilites in GNU C library glibc, OpenSSL and BIND affects IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-7547 DESCRIPTION: GNU C Library glibc is vulnerable to a stack-based buffer overflow, caused by...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Netezza Platform Software clients

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Netezza Platform Software clients. IBM Netezza Platform Software has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a...

CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

Security Bulletin: Vulnerabilities in OpenSSL affect the Cordova tools in Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux (CVE-2016-0701, CVE-2015-3197)

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. OpenSSL vulnerabilities were disclosed on January 28, 2016 by...

Security Bulletin: January 2016 OpenSSL Vulnerabilities in Multiple N series Products

Summary Multiple N series products incorporate the OpenSSL software libraries to provide cryptographic capabilities. OpenSSL versions below 1.0.2f and 1.0.1r are susceptible to vulnerabilities that could lead to man-in-the-middle attacks. Multiple N series Products have addressed the applicable...

Security Bulletin: Security Vulnerabilities in OpenSSL, glibc, gcc, Net-SNMP, and OpenSSH affect IBM Security Proventia Network Enterprise Scanner

Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM Security Proventia Network Enterprise Scanner. This bulletin addresses the applicable CVEs as well as other CVEs related to glibc, gcc, Net-SNMP, and OpenSSH. CVE-2015-5600,...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2016-0701)

Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 and January 28, 2016 by the OpenSSL Project. OpenSSL is used by IBM InfoSphere Information Server. IBM InfoSphere Information Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3193 DESCRIPTION: OpenSS...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM PureApplication System. (CVE-2016-0701, CVE-2015-3197)

Summary OpenSSL vulnerabilities were disclosed on January 28, 2016 by the OpenSSL Project. OpenSSL is used by IBM PureApplication System. IBM PureApplication System has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0701 DESCRIPTION: OpenSSL could allow a remote attacker to...

Amazon Linux AMI : openssl (ALAS-2018-1016)

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...